Is Your Company Vulnerable to Cyber-Crime?
Internet of Things, big data, analytics, globalisation, cloud and related internet issues create new concerns when it comes to corporate data protection and IT security. After a wide range of cyber-attacks the general belief amongst the board of directors now is that no company can be prepared for future hacker attacks. However that must never be the case. All companies can be prepared to save the business and damage control any major cyber-attack
The material dangers of extortion
Lack of employee training is one of the major factors . Since between 60-87% (depending on the survey) of the cyber hacks occur due to innocent mistakes that may end with malware or phishing attacks. When the company’s data and vital IP information is leaked, and perhaps large sums of bitcoins are spent on hackers, businesses are involuntary hostage to avoid the vulnerabilities on the IT systems and many companies experience the worst case scenario of suffering huge losses or close shop completely after an attack for an extended period, ins spite of the Business Continuity Plans.
Online systems that are often operational and connected round the clock are at risk as they are exposed to the outside world where data patches are not enough safeguards because these patches are not maintained and updated all over. Over time the patches become vulnerable and create holes in the firewalls. Many companies do not even monitor the systems and when an attack takes place, because round the clock automating cyber monitoring is not affordable and becomes aware of it when it’s too late.
Internet connections represent high risks
The typical types of cyber-attacks that companies are exposed to occur on a regular and daily basis. Ransomware, malware and related attacks that locks the files, and BEC (Business Email Compromise) attacks are often done via emails with attached links or files that has relation to an discussed question or a visited website because the individual computers are monitored. Another attack which is seen on a regular basis, is DDoS (Distributed Denial of Service), Which is an overload attack where a lot of data is directed to a website, so it goes down. These attacks can also be ordered in the dark and deep web for a few hundred euros.
How to avoid, dodge or protect from the cyber attacks
The IT and data oriented (compared to the legal or process oriented) GDPR implementation can reveal many holes in the IT and cyber security issues in the company. A long tern digitisation approach will also streamline the different legacy systems from cyber weaknesses.
Very often IT and data security contingencies are not in the budget. This lack of monetary and economic preparedness results in many different, time consuming and of the rather expensive options that are available for protection. D-Marc that has been around for several years and can detect the sender and potentially help the user to block threats. And of course, there is always the issue of using strong, unique password and two-factor authentication. A password under 16 characters is considered as a weak password and should be avoided.
Get the situation under control as in a fire or car accident
A traditional Business Continuity Plan had often proved to be insufficient. In our FAS and DPO seminars http://eugdpr.institute/2018/march/copenhagen/dpo/index-web.html we go thru an elaborate IT and data security scenario planning exercise for what to do when things go wrong. The scenario planning exercise can save a lot of time, energy and frustration on how to stop the attack or limit the damage, keep a clear overview and provide transparency for what to remember, who to inform and contact when things go wrong and get lost.
Besides informing the stakeholders it is important to collect data from the affected systems as it is the information that all stakeholders involved in preparing the hack will ask for.